Wednesday, November 16, 2005

Comments on Sony's malware

I just got this from a tecchy friend in Aus and it's so good i'm just gonna shamelessly reproduce it here ;-) (hattip to Boyd, make it into a blog post and then teach me how to use trackbacks...)
Ok, the tech world is all over this, but it seems to me that some of my non-tech friends may not have caught this story. It's one of the more interesting blunders from the "we treat our customers like crap and then sue them" recording industry.

Sony BMG have released some CDs (in the US only they claim, but see later) that have "copy protection" built in. In fact, what happens is that you insert the CD and some software is installed onto your Windows (or Mac) machine that comprises a "rootkit" (software which inserts itself into the lowest levels of the OS and then hides, doing something naughty... often used my hackers). This software is designed to prevent copying the CD.

15 days ago, an industry recognized Windows internals guru investigated strange behaviour on his machine and reported on what he found.

The software provided no uninstall option, actively hid from deletion and if you worked around that and deleted the hidden files it broke Windows.

Sony then responded by lying about the product, saying it wasn't malicious and was not a security risk. Oh, and they released an "update" that removed the cloaking but left your computer vulnerable to any website on the net installing any software they wanted on your machine without permission or notice.

There are indications that they have breached other people's copyright in distributing their software. Oh, the irony.

The are police involved in some countries, investigating whether Sony have breached the law.

There's a Trojan (malicious program) that uses the Sony cloaking to hide.

People are using the cloaking to cheat in online games.

Sony then halt production of the CDs. Microsoft and other vendors announce that they will update their security software to treat the rootkit just like any other virus or spyware.

Class action lawsuits have been launched.

Sony say they will recall the CDs, and offer exchanges. But still, removing the software leave the aforementioned HUGE security hole.

And now, a reputable researcher probing machines on the net has estimated that at LEAST 500,000 machines are affected. Personally I think that's a little high, but still... He generated these maps: USA, Europe, Asia

The RIAA (recording industry group) warn that people shouldn't use peer-to-peer networks because you can get all kinds of nasty software from them....

Note this is only affects those who actually have (and presumably bought) a CD, NOT those that download the music. In other words it only affects their PAYING CUSTOMERS.

Yeah, they're winning customers back bigtime.
Bad Sony, very very bad. I hope you get the crap sued out of you.

1 Comments:

Blogger Joe said...

dear rod, you are a spam merchant - begone creten. anyone reading this blog that then goes and buys a herbal supplement to cure their colon cancer is a fucking idiot that hasn't understood a word i've been saying...

9:20 AM  

Post a Comment

<< Home